The Solution
In recognising its increased potential for phishing attacks, healthAlliance began looking for solutions that could help it better manage the risk by training its employees to identify phishing emails. “We had heard that another district health board in New Zealand had run with Shearwater’s Phriendly Phishing software, so we touched base with them and asked about how it was working,” says Ms Schoff. “When another organisation in our sector successfully uses a solution, word gets around, and that gives us an immediate level of comfort that the product should also work for us,” she adds.
Phriendly Phishing is a Phishing Awareness and Simulation program designed to help organisations measure, track and improve their staff’s ability to identify and manage phishing and spear-phishing threats. Typically, up to 70 out of 100 employees would open a spear-phishing email, and 35 would click on the embedded link. The resulting ransomware can cause significant business disruption and costly remediation, not to mention reputational damage. With Phriendly Phishing, organisations get a fully managed, comprehensive and measurable training solution, with easyto-use tools that will help them to understand their organisation’s overall phishing risk profile, educate their staff, nurture awareness and prove successful behavioural change across their organisation.
Phriendly Phishing works in three simple stages:
MEASUREMENT: Baseline Audit
Starts with a simulated phishing campaign to determine your organisation’s overall phishing risk, and to establish a baseline for future improvement measurements.
IMPROVEMENT: Awareness Training
Delivered via the Internet; with tiers targeted at the beginner, intermediate and advanced levels, the training creates awareness of phishing threats and enables staff to develop phishing detection skills. Users start at the beginner level and work their way up.
REINFORCEMENT: Learning Reinforcement
To enhance the training concepts and incorporate them into the employee’s day-to-day reality, staff members will receive simulated phishing emails, varying in sophistication, at random intervals. This is designed to help fine tune detection skills. If users open any of the simulated emails on a link, they will be redirected to the portal for a training recap.